ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
Houston Chronicle

How to Remove Google Analytics Code From a WordPress Footer

Google Analytics tracks visitor and keyword information on your website, giving you valuable insight into viewing and search habits. Installing Google Analytics into a WordPress-driven website is easy ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
Bleeping Computer

Critical Bug in WordPress Plugin Lets Hackers Execute Code

A critical security issue found in the Ad Inserter WordPress plugin currently installed on over 200,000 websites allows authenticated attackers to remotely execute PHP code. Ad Inserter is an "ad ...
Houston Chronicle

How to Add Form Code to a WordPress Post

HTML form code offers an easy way to insert form items -- text boxes, radio buttons and checkboxes, for example -- to your WordPress site. This allows you to create such features as search boxes and ...
Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...